(In)Compatibility Issues Between 1.4 and 1.5

Romy Arslan rarslan at aub.edu.lb
Fri May 11 02:40:37 EDT 2007

Try creating a database on the slave kdc (using the kdb5_util create 
-r YOURREALM -s ) before initiating  the database propagation from the 
master. It worked for us.

Romy Arslan	    Ext: 2267
Computing & Networking Services
American University of Beirut

-------------- next part --------------
Hi all,

This is my first time posting on the list, mainly because the documentation

is terrific, and I really haven't had any problems with Kerberos - Until

now, of course.

My issue is in setting up a slave KDC here at my home "lab". My master (and

only, to this point) KDC is running on a FC4 box, and is currently at

whatever the last version of Kerberos is that was available on that version

of Fedora (1.4.1). Yeah, I know I need to upgrade that box, but first thing

is first, and I need to get another box doing Kerberos and OpenLDAP before

this other box can be touched.

So, I tried setting up this slave KDC on a fresh CentOS 5 box. I followed

the instructions listed on the install page, but when it comes to run kprop

on the master, I get this message:

[root at intranet ~]# kprop -d -f /var/kerberos/krb5kdc/slave_datatrans


8976 bytes sent.

kprop: Software caused connection abort while reading response from server

And from the /var/log/messages log on athena.sessys.com:

May  9 19:40:39 athena kpropd[22326]: Connection from intranet.sessys.com

May  9 19:40:39 athena kpropd[22326]: /usr/kerberos/sbin/kpropd:

/usr/kerberos/sbin/kdb5_util returned a bad exit status (1)

It at least partially worked, as I get this for a ls in


[root at athena log]# ls -lah /var/kerberos/krb5kdc/

total 44K

drwxr-xr-x 2 root root 4.0K May  9 19:40 .

drwxr-xr-x 3 root root 4.0K May  9 19:22 ..

-rw------- 1 root root 8.8K May  9 19:40 from_master

-rw-r--r-- 1 root root  807 May  9 19:24 kdc.conf

-rw-r--r-- 1 root root   70 May  9 19:25 kpropd.acl

-rw------- 1 root root 8.0K May  9 19:40 principal~

-rw------- 1 root root 8.0K May  9 19:40 principal~.kadm5

-rw------- 1 root root    0 May  9 19:40 principal~.kadm5.lock

-rw------- 1 root root    0 May  9 19:40 principal~.ok

Kpropd.acl should be configured correctly, as it has the host principals for

both the master and slave on both the master and the slave. The principals

are configured correctly, and their keytabs should be extracted correctly -

After all, it is getting fairly far in the process.

As best as I can figure, this is an issue/incompatibility between the

different Kerberos versions, but if anyone wants to confirm or deny that, I

would very much appreciate it (as I will otherwise try to install a matching

version on the master KDC, after backing up my database, of course). Thanks,

in advance.



|  Sean Elble                                     |

|  Virginia Tech, Class of 2008                   |

|  Vice President, VTLUUG                         |

|  E-Mail:   elbles at sessys.com                    |

|  Web:      http://www.sessys.com/~elbles/       |

|  Cell:     860.946.9477                         |


-------------- next part --------------

Kerberos mailing list           Kerberos at mit.edu


More information about the Kerberos mailing list